AutoMedSysAI/OSJ
1
0
Fork 0
Code Issues Pull Requests Releases Activity

first commit

Browse Source
This commit is contained in:
CHIEFSOFT\ameye
2024-06-08 17:09:23 -04:00
commit df3a033196
17887 changed files with 8637778 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/pkp/classes/security/authorization/SubmissionAccessPolicy.php
+136
View File
@@ -0,0 +1,136 @@
<?php
/**
* @file classes/security/authorization/SubmissionAccessPolicy.php
*
* Copyright (c) 2014-2021 Simon Fraser University
* Copyright (c) 2000-2021 John Willinsky
* Distributed under the GNU GPL v3. For full terms see the file docs/COPYING.
*
* @class SubmissionAccessPolicy
*
* @ingroup security_authorization
*
* @brief Base class to control (write) access to submissions and (read) access to
* submission details in OMP.
*/
namespace PKP\security\authorization;
use PKP\core\PKPRequest;
use PKP\security\authorization\internal\ContextPolicy;
use PKP\security\authorization\internal\ReviewAssignmentAccessPolicy;
use PKP\security\authorization\internal\SubmissionAuthorPolicy;
use PKP\security\authorization\internal\SubmissionRequiredPolicy;
use PKP\security\authorization\internal\UserAccessibleWorkflowStageRequiredPolicy;
use PKP\security\Role;
class SubmissionAccessPolicy extends ContextPolicy
{
/**
* Constructor
*
* @param PKPRequest $request
* @param array $args request parameters
* @param array $roleAssignments
* @param string $submissionParameterName the request parameter we
* expect the submission id in.
* @param bool $permitDeclined True iff declined reviews are permitted for viewing by reviewers
*/
public function __construct($request, $args, $roleAssignments, $submissionParameterName = 'submissionId', $permitDeclined = false)
{
parent::__construct($request);
// We need a submission in the request.
$this->addPolicy(new SubmissionRequiredPolicy($request, $args, $submissionParameterName));
// Authors, managers and sub editors potentially have
// access to submissions. We'll have to define differentiated
// policies for those roles in a policy set.
$submissionAccessPolicy = new PolicySet(PolicySet::COMBINING_PERMIT_OVERRIDES);
//
// Author role
//
if (isset($roleAssignments[Role::ROLE_ID_AUTHOR])) {
// 1) Author role user groups can access whitelisted operations ...
$authorSubmissionAccessPolicy = new PolicySet(PolicySet::COMBINING_DENY_OVERRIDES);
$authorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, Role::ROLE_ID_AUTHOR, $roleAssignments[Role::ROLE_ID_AUTHOR], 'user.authorization.authorRoleMissing'));
// 2) ... if they meet one of the following requirements:
$authorSubmissionAccessOptionsPolicy = new PolicySet(PolicySet::COMBINING_PERMIT_OVERRIDES);
// 2a) ...the requested submission is their own ...
$authorSubmissionAccessOptionsPolicy->addPolicy(new SubmissionAuthorPolicy($request));
// 2b) ...OR, at least one workflow stage has been assigned to them in the requested submission.
$authorSubmissionAccessOptionsPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$authorSubmissionAccessPolicy->addPolicy($authorSubmissionAccessOptionsPolicy);
$submissionAccessPolicy->addPolicy($authorSubmissionAccessPolicy);
}
//
// Reviewer role
//
if (isset($roleAssignments[Role::ROLE_ID_REVIEWER])) {
// 1) Reviewers can access whitelisted operations ...
$reviewerSubmissionAccessPolicy = new PolicySet(PolicySet::COMBINING_DENY_OVERRIDES);
$reviewerSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, Role::ROLE_ID_REVIEWER, $roleAssignments[Role::ROLE_ID_REVIEWER]));
// 2) ... but only if they have been assigned to the submission as reviewers.
$reviewerSubmissionAccessPolicy->addPolicy(new ReviewAssignmentAccessPolicy($request, $permitDeclined));
$submissionAccessPolicy->addPolicy($reviewerSubmissionAccessPolicy);
}
//
// Assistant role
//
if (isset($roleAssignments[Role::ROLE_ID_ASSISTANT])) {
// 1) Assistants can access whitelisted operations ...
$contextSubmissionAccessPolicy = new PolicySet(PolicySet::COMBINING_DENY_OVERRIDES);
$contextSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, Role::ROLE_ID_ASSISTANT, $roleAssignments[Role::ROLE_ID_ASSISTANT]));
// 2) ... but only if they have been assigned to the submission workflow.
$contextSubmissionAccessPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$submissionAccessPolicy->addPolicy($contextSubmissionAccessPolicy);
}
//
// Sub editor role
//
if (isset($roleAssignments[Role::ROLE_ID_SUB_EDITOR])) {
// 1) Sub editors can access all operations on submissions ...
$subEditorSubmissionAccessPolicy = new PolicySet(PolicySet::COMBINING_DENY_OVERRIDES);
$subEditorSubmissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, Role::ROLE_ID_SUB_EDITOR, $roleAssignments[Role::ROLE_ID_SUB_EDITOR]));
// 2b) ... but only if they have been assigned to the requested submission.
$subEditorSubmissionAccessPolicy->addPolicy(new UserAccessibleWorkflowStageRequiredPolicy($request));
$submissionAccessPolicy->addPolicy($subEditorSubmissionAccessPolicy);
}
//
// Managerial role
//
if (isset($roleAssignments[Role::ROLE_ID_MANAGER])) {
// Managers have access to all submissions.
$submissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, Role::ROLE_ID_MANAGER, $roleAssignments[Role::ROLE_ID_MANAGER]));
}
//
// Site administrator role
//
if (isset($roleAssignments[Role::ROLE_ID_SITE_ADMIN])) {
// Site administrators have access to all submissions.
$submissionAccessPolicy->addPolicy(new RoleBasedHandlerOperationPolicy($request, Role::ROLE_ID_SITE_ADMIN, $roleAssignments[Role::ROLE_ID_SITE_ADMIN]));
}
$this->addPolicy($submissionAccessPolicy);
}
}
if (!PKP_STRICT_MODE) {
class_alias('\PKP\security\authorization\SubmissionAccessPolicy', '\SubmissionAccessPolicy');
}